SERVER HOSTING COMPANY Linode continues to stumble into the new year, and has reset all user passwords after a denial-of-service attack.
Linode has covered the decision in a blog post, saying that the reset was necessary because of a suspected breach. The firm apologised for any inconvenience.
"Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next log-in. We regret this inconvenience, but this is a necessary precaution," the post said.
Linode (@linode) tweeted on January 4, 2016: "The DoS attacks against our DNS infrastructure have resumed - we're working as quickly as possible to mitigate them." https://t.co/snVt5266l5
"A security investigation into the unauthorised log-in of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, offline or on, at some point.
"The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials."
This is a broad response to what sounds like a small incident, but it is probably best practice. Linode is not the first to be breached and forced to wipe passwords and start again, and it is unlikely to be the last.
The company has followed the examples of others, and has called in forensic investigators and the law to help settle the business and find out who has done this thing, and why they might have done it.
Linode (@linode) tweeted on January 5, 2016: "Security Notification and Linode Manager Password Reset" https://t.co/Sv79cJcnYJ
"You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be," added Linode as it joined in the industry chorus of apologies and advice about password picking.
"The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us. While we feel victimised ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service.
"You can help further enhance the security of your account by always using strong passwords, enabling two-factor authentication, and never using the same password at multiple services." µ